Asked by:

Remove Win2K8R2 subordinate CA?

Question

We are decommissioning a DC server that is also acting as a subordinate CA in the environment (AD integrated, Win2K8 R2). The Root CA is staying as it is. What is the recommended approach that I need to take in order to cleanly remove it from the environment?
Do I just go through the Remove Role wizard? What will happen with the already issued certificates? Can these be migrated over to the root CA?